AWS Administration – The Definitive Guide Learn to design, build, and manage your infrastructure on the most popular of all the Cloud platforms—Amazon Web Services Yohan Wadia professional expertise distilled P U B L I S H I N G BIRMINGHAM - MUMBAI AWS Administration – The Definitive Guide Copyright © 2016 Packt Publishing All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews. Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book. Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information. First published: February 2016 Production reference: 1080216 Published by Packt Publishing Ltd. Livery Place 35 Livery Street Birmingham B3 2PB, UK. ISBN 978-1-78217-375-5 www.packtpub.com Credits Author Project Coordinator Yohan Wadia Bijal Patel Reviewer Proofreader Paul Deng Safis Editing Commissioning Editor Indexer Kunal Parikh Monica Ajmera Mehta Acquisition Editor Production Coordinator Rahul Nair Nilesh Mohite Content Development Editor Cover Work Anish Dhurat Nilesh Mohite Technical Editor Pranjali Mistry Copy Editor Charlotte Carneiro About the Author Yohan Wadia is a client-focused virtualization and cloud expert with 6 years of experience in the IT industry. He has been involved in conceptualizing, designing, and implementing large-scale solutions for a variety of enterprise customers based on VMware vCloud, Amazon Web Services, and Eucalyptus Private Cloud. His community-focused involvement also enables him to share his passion for virtualization and cloud technologies with peers through social media engagements, public speaking at industry events, and through his personal blog—yoyoclouds.com He is currently working with an IT services and consultancy company as a Cloud Solutions Lead and is involved in designing and building enterprise-level cloud solutions for internal as well as external customers. He is also a VMware Certified Professional and a vExpert (2012 and 2013). I wish to dedicate this book to both my loving parents, Ma and Paa. Thank you for all your love, support, encouragement, and patience. I would also like to thank the entire Packt Publishing team, especially Ruchita Bhansali, Athira Laji, and Gaurav Sharma, for their excellent guidance and support. And finally, a special thanks to one of my favorite bunch of people: the amazing team of developers, support staff, and engineers who work at AWS for such an "AWSome" cloud platform! Not all those who wander are lost. - J. R. R. Tolkien About the Reviewer Paul Deng is a senior software engineer with over 8 years of experience in end-to-end IoT app design and development, including embedded devices, large-scale machine learning, cloud, and web apps. Paul holds software algorithm patents and was a finalist of Shell Australian Innovation Challenge 2011. He has authored several publications on IoT and cloud. He lives in Melbourne, Australia, with his wife Cindy and son Leon. Visit his website at http://dengpeng.de to see what he is currently exploring and to learn more about him. www.PacktPub.com Support files, eBooks, discount offers, and more For support files and downloads related to your book, please visit www.PacktPub.com. Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at [email protected] for more details. At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks. TM https://www2.packtpub.com/books/subscription/packtlib Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can search, access, and read Packt's entire library of books. Why subscribe? • Fully searchable across every book published by Packt • Copy and paste, print, and bookmark content • On demand and accessible via a web browser Free access for Packt account holders If you have an account with Packt at www.PacktPub.com, you can use this to access PacktLib today and view 9 entirely free books. Simply use your login credentials for immediate access. Instant updates on new Packt books Get notified! Find out when new books are published by following @PacktEnterprise on Twitter or the Packt Enterprise Facebook page. Table of Contents Preface vii Chapter 1: Introducing Amazon Web Services 1 What is cloud computing? 2 Cloud computing features and benefits 3 Cloud computing use cases 3 Introducing Amazon Web Services 4 AWS architecture and components 5 Regions and availability zones 5 AWS platform overview 7 Getting started with AWS 11 Introducing the AWS Management Console 15 Getting started with AWS CLI 18 Plan of attack! 20 Summary 22 Chapter 2: Security and Access Management 23 Security and clouds 23 Is AWS really secure 24 Shared responsibility model 24 Identity and Access Management 25 Business use case scenario 27 Getting started with the IAM Console 27 Creating users and groups 30 Understanding permissions and policies 35 Creating and assigning policies 39 Managing access and security using the AWS CLI 41 Planning your next steps 46 Recommendations and best practices 48 Summary 49 [ i ] Table of Contents Chapter 3: Images and Instances 51 Introducing EC2! 51 EC2 use cases 52 Introducing images and instances 53 Understanding images 53 Amazon Linux AMI 56 Understanding instances 57 EC2 instance pricing options 58 On-demand instances 58 Reserved instances 59 Spot instances 60 Working with instances 60 Stage 1 – choose AMI 62 Stage 2 – choose an instance type 63 Stage 3 – configure instance details 64 Stage 4 – add storage 65 Stage 5 – tag instances 66 Stage 6 – configure security groups 67 Stage 7 – review instance launch 68 Connecting to your instance 69 Configuring your instances 75 Launching instances using the AWS CLI 77 Stage 1 – create a key pair 77 Stage 2 – create a security group 78 Stage 3 – add rules to your security group 79 Stage 4 – launch the instance 79 Cleaning up! 80 Planning your next steps 81 Recommendations and best practices 82 Summary 83 Chapter 4: Security, Storage, Networking, and Lots More! 85 An overview of security groups 85 Understanding EC2 networking 89 Determining your instances IP addresses 92 Working with Elastic IP addresses 93 Create an Elastic IP address 95 Allocating Elastic IP addresses 95 Disassociating and releasing an Elastic IP address 97 Understanding EBS volumes 98 EBS volume types 99 Getting started with EBS Volumes 99 Creating EBS volumes 100 Attaching EBS volumes 102 Accessing volumes from an instance 103 [ ii ] Table of Contents Detaching EBS volumes 104 Managing EBS volumes using the AWS CLI 105 Backing up volumes using EBS snapshots 107 Planning your next steps 112 Recommendations and best practices 113 Summary 114 Chapter 5: Building Your Own Private Clouds Using Amazon VPC 115 An overview of Amazon VPC 115 VPC concepts and terminologies 117 Subnets 117 Security groups and network ACLs 119 Routing tables 120 VPC endpoints 120 Internet Gateways 122 NAT instances 123 DNS and DHCP Option Sets 124 VPC limits and costs 125 Working with VPCs 126 VPC deployment scenarios 126 Getting started with the VPC wizard 127 Viewing VPCs 133 Listing out subnets 135 Working with route tables 136 Listing Internet Gateways 137 Working with security groups and Network ACLs 138 Launching instances in your VPC 142 Creating the web servers 142 Creating the database servers 144 Planning next steps 144 Best practices and recommendations 146 Summary 147 Chapter 6: Monitoring Your AWS Infrastructure 149 An overview of Amazon CloudWatch 149 Concepts and terminologies 150 Metrics 150 Namespaces 151 Dimensions 151 Time stamps and periods 151 Units and statistics 152 Alarms 153 CloudWatch limits and costs 154 Getting started with CloudWatch 155 Monitoring your account's estimate charges using CloudWatch 155 [ iii ]